19

Here is the situation...

I have a cron job scheduled to run that is used to backup my database. Because of the way php is installed, I'm having to use lynx to hit the php script that is performing the backup.

Because this script has to live within my public_html folder I want to deny all requests except for the ones that come directly from my server (i.e.: localhost). Also, I'm assuming that the ip I'll be coming from is 127.0.0.1. I'm not exactly sure if that's true but I can't think of what else my ip would be in this situation. Am I right about the cron job running and hitting the script from 127.0.0.1?

Here is what my .htaccess looks like:

order allow,deny
deny from all
allow from 127.0.0.1

As a result, I keep getting a 403 Forbidden. Which is what I want to do for everyone else except for myself. Maybe I'm going about this the wrong way... Does anyone see what I'm doing wrong?

Anthony
  • 734
  • 3
  • 9
  • 22

5 Answers5

34

Use the order the other way around, ie:

order deny,allow
deny from all
allow from 127.0.0.1
dajobe
  • 4,938
  • 35
  • 41
  • 1
    Ah, thanks for pointing that out! Not sure why I did that.... Also, I found that I needed to allow the ip address of my server access and not localhost. I assume that's because I'm hitting the fully qualified (http://.....) address when using lynx in the cron job. Thanks for the help. – Anthony Aug 15 '09 at 06:19
  • Brilliant, I put my phone's IP into allow.Now I can do it. :) – SPG Jul 22 '11 at 09:29
  • 9
    I think you should also allow from `::1`, because otherwise it may not let you in (Apache 2.4.7) – anestv Jun 19 '14 at 16:35
  • 2
    What should i do if i want to add another IP address besides the Require Local? (for httpd-xampp.conf) I mean, i want to allow local access and one external IP. My file has originally "Require Local", below it i have added "allow from xxx.xxx.xxx.xx" but it doesn't work because it shows access denied to that IP. – Pathros Jan 15 '15 at 18:11
10

Require local

The local provider allows access to the server if any of the following conditions is true:

  • the client address matches 127.0.0.0/8
  • the client address is ::1
  • both the client and the server address of the connection are the same

This allows a convenient way to match connections that originate from the local host:

Require local

Leo
  • 10,407
  • 3
  • 45
  • 62
2

Leo's answer solved my issue. This is what I have set up so I can block direct access to images:

<IfModule mod_rewrite.c>
<Files ~ "\.(jpg|jpeg|png|gif|pdf|txt|bmp|mp4|mov|ogg|wmv|webm|flv|mpg|mp2|mpeg|mpe|mpv|m4p|m4v|mp3|wav|acc|oga|m4a)$">
   order deny,allow
   deny from all
   Require local
   allow from all
</Files>
</IfModule>

I didn't want to type out the ip, incase the local ip changed later

SwiftNinjaPro
  • 787
  • 8
  • 17
2

None of the answers here allowed me to access http://localhost:8888/ until I added this:

allow from localhost

So in my case this is my entire .htaccess file:

order deny,allow
deny from all
# my IP
allow from xx.xx.xx.xx (use your own IP address here)
# Local development
allow from localhost

The # is a code comment. This file allows only me to access the site from my browser online (the IP) and locally from localhost.

Remember, the order matters when you use order deny,allow. You put the deny ones first in your file and then your allows below that.

SpaceNinja
  • 496
  • 7
  • 20
-1

Try to add .htaccess file in your /assets/ folder with this content:

Options +Indexes
# or #
IndexIgnore *

This way you will see your folder empty in browser.

octavian09
  • 139
  • 1
  • 3